Auth0 Home Blog Docs

Can i check within my iOS (Swift) app, if my idToken has expired?

ios
idtoken

#1

I have a Swift App, which implements the web login for Auth0. On successful login, i receive an access token and and idToken, which i both store in my Keychain. Upon next login, i first check, if the access token is still valid by

  Auth0
        .authentication()
        .userInfo(withAccessToken: accessToken)
        .start { result in
            switch result {
            case .success(result: let profile):
                
                print("access token still valid")

And proceed with my app without my user having to login again. The issue i’m having however is that my idToken might be expired already, so even checking if access token is still valid, i might have an expired idToken, which leads to errors when i request my backend with this idToken. So how do i solve this? Is there a way to check, if my idToken has expired in Swift?


#2

Technically, the ID token is a JWT so it’s possible to check it’s expiration because the expiration is one of the claims contained within it. However, the important part to consider is that you should not be sending ID tokens to your back-end given there is specific flows that allow you to obtain API specific access tokens. See this article for additional information on this topic.

Moving to API authorization flows the ID token would be used initially to convene information about the end-user so that the client application can provide a customized experience, but it would be the access token that would get sent to the back-end in order to authorize each request; a side-effect would be that after initial validation completed the expiration on the ID token would not influence much or cause the impact you described.


#3